Description
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function.
Recommendation
Update the devcert package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.1.1
- Patched version(s): 1.1.2
References
Related Issues
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- rollbar vulnerable to prototype pollution - CVE-2025-57325
- csvjson vulnerable to prototype injection - CVE-2025-57318
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- Tags:
- npm
- devcert
Anything's wrong? Let us know Last updated on February 01, 2023